Trying to Restore after PSguard

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

I got infected with PSguard malware. I believe I have it cleaned out, but I
don't know how to get my system back to where I can use the computer again.

From Start, program Files shows empty. I can, however, go to the shortcuts
on the desktop, right click, open and then run most programs. Internet
explorer does not work but Mozilla Firefox does.

I tried running compmgmt.msc but it gives the message "MMC cannot open the
file. This may be because the file does not exist (it does), is not an MMC
console, or was created by a later version of MMC. This may also be because
you do not have sufficient rights to the file."

I am logged in as Owner which I thought had all the rights.

I tried running eventvwr.msc and get the same message.

I cannot access control panel either.

I do not want to use system recovery and lose all the programs I have
installed, especially since the \windows\system32\restore\SR-RP file has many
entries like below

RestorePointName=System Checkpoint, RestorePointStatus=[VALID], Number=301l,
Date=Thursday September 1, 2005 15:26:13

which I take to mean that many restore points exist.

Will appreciate any help solving this problem!!

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

PSed wrote:
> I got infected with PSguard malware. I believe I have it cleaned out, but
> I don't know how to get my system back to where I can use the computer
> again.
>
> From Start, program Files shows empty. I can, however, go to the shortcuts
> on the desktop, right click, open and then run most programs. Internet
> explorer does not work but Mozilla Firefox does.
>
> I tried running compmgmt.msc but it gives the message "MMC cannot open the
> file. This may be because the file does not exist (it does), is not an MMC
> console, or was created by a later version of MMC. This may also be
> because you do not have sufficient rights to the file."
>
> I am logged in as Owner which I thought had all the rights.
>
> I tried running eventvwr.msc and get the same message.
>
> I cannot access control panel either.
>
> I do not want to use system recovery and lose all the programs I have
> installed, especially since the \windows\system32\restore\SR-RP file has
> many entries like below
>
> RestorePointName=System Checkpoint, RestorePointStatus=[VALID],
> Number=301l, Date=Thursday September 1, 2005 15:26:13
>
> which I take to mean that many restore points exist.
>
> Will appreciate any help solving this problem!!

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Thank you for taking time to answer. My question, however, is not how to
remove PSguard. That is already done. My question is how to perform system
rsetore when the standard method does not work.

"PA Bear" wrote:

> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/archive/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware. **Post
> your log to http://forums.spywareinfo.com/,
> http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
> for expert analysis, not here.**
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
>
> PSed wrote:
> > I got infected with PSguard malware. I believe I have it cleaned out, but
> > I don't know how to get my system back to where I can use the computer
> > again.
> >
> > From Start, program Files shows empty. I can, however, go to the shortcuts
> > on the desktop, right click, open and then run most programs. Internet
> > explorer does not work but Mozilla Firefox does.
> >
> > I tried running compmgmt.msc but it gives the message "MMC cannot open the
> > file. This may be because the file does not exist (it does), is not an MMC
> > console, or was created by a later version of MMC. This may also be
> > because you do not have sufficient rights to the file."
> >
> > I am logged in as Owner which I thought had all the rights.
> >
> > I tried running eventvwr.msc and get the same message.
> >
> > I cannot access control panel either.
> >
> > I do not want to use system recovery and lose all the programs I have
> > installed, especially since the \windows\system32\restore\SR-RP file has
> > many entries like below
> >
> > RestorePointName=System Checkpoint, RestorePointStatus=[VALID],
> > Number=301l, Date=Thursday September 1, 2005 15:26:13
> >
> > which I take to mean that many restore points exist.
> >
> > Will appreciate any help solving this problem!!
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi,

Have you tried running System Restore?
All About System Restore in WinXP
http://bertk.mvps.org
Are there any error messages when you do?

Warning, restoring the system to a point when the system was still infected could
re-infect the system. This may not necessarily be a bad thing if the system regains it
functionality. Just be ready to remove PSGuard. See the link below.

How long ago did the system become infected?

Remove PSGuard
http://labs.paretologic.com/spyware.aspx?remove=PSGuard

--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org


PSed wrote:
> I got infected with PSguard malware. I believe I have it
> cleaned out, but I don't know how to get my system back
> to where I can use the computer again.
>
> From Start, program Files shows empty. I can, however, go
> to the shortcuts on the desktop, right click, open and
> then run most programs. Internet explorer does not work
> but Mozilla Firefox does.
>
> I tried running compmgmt.msc but it gives the message
> "MMC cannot open the file. This may be because the file
> does not exist (it does), is not an MMC console, or was
> created by a later version of MMC. This may also be
> because you do not have sufficient rights to the file."
>
> I am logged in as Owner which I thought had all the
> rights.
>
> I tried running eventvwr.msc and get the same message.
>
> I cannot access control panel either.
>
> I do not want to use system recovery and lose all the
> programs I have installed, especially since the
> \windows\system32\restore\SR-RP file has many entries
> like below
>
> RestorePointName=System Checkpoint,
> RestorePointStatus=[VALID], Number=301l, Date=Thursday
> September 1, 2005 15:26:13
>
> which I take to mean that many restore points exist.
>
> Will appreciate any help solving this problem!!

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

In article <5E2CD785-5C97-49B6-8B7F-5A4FB299DDCB@microsoft.com>,
PSed@discussions.microsoft.com says...
> My question is how to perform system
> rsetore when the standard method does not work.

Look in google for "Windows XP repair reinstall instructions" - if you
follow the directions properly you will not have to reinstall everything
from scratch - but you may have to reactivate.

--

spam999free@rrohio.com
remove 999 in order to email me

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

I was positing that perhaps PSGuard wasn't completely removed and was still
causing problems.

IMO, once an expert gives your HijackThis log a clean bill of health, you
should flush all System Restore points.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP


PSed wrote:
> Thank you for taking time to answer. My question, however, is not how to
> remove PSguard. That is already done. My question is how to perform system
> rsetore when the standard method does not work.
>
> "PA Bear" wrote:
>
> > Checking for/Help with Hijackware
> > http://aumha.org/a/parasite.htm
> > http://aumha.org/a/quickfix.htm
> > http://aumha.net/viewtopic.php?t=5878
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://inetexplorer.mvps.org/data/prevention.htm
> > http://inetexplorer.mvps.org/archive/tshoot.html
> > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > http://defendingyourmachine.blogspot.com/
> >
> > When all else fails, HijackThis v1.99.1
> > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
> > use. It will help you to both identify and remove any
> > hijackware/spyware. **Post your log to http://forums.spywareinfo.com/,
> > http://castlecops.com/forum67.html or
> > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
> >
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP
> >
> > PSed wrote:
> > > I got infected with PSguard malware. I believe I have it cleaned out,
> > > but I don't know how to get my system back to where I can use the
> > > computer again.
> > >
> > > From Start, program Files shows empty. I can, however, go to the
> > > shortcuts on the desktop, right click, open and then run most
> > > programs. Internet explorer does not work but Mozilla Firefox does.
> > >
> > > I tried running compmgmt.msc but it gives the message "MMC cannot
> > > open the file. This may be because the file does not exist (it does),
> > > is not an MMC console, or was created by a later version of MMC. This
> > > may also be because you do not have sufficient rights to the file."
> > >
> > > I am logged in as Owner which I thought had all the rights.
> > >
> > > I tried running eventvwr.msc and get the same message.
> > >
> > > I cannot access control panel either.
> > >
> > > I do not want to use system recovery and lose all the programs I have
> > > installed, especially since the \windows\system32\restore\SR-RP file
> > > has many entries like below
> > >
> > > RestorePointName=System Checkpoint, RestorePointStatus=[VALID],
> > > Number=301l, Date=Thursday September 1, 2005 15:26:13
> > >
> > > which I take to mean that many restore points exist.
> > >
> > > Will appreciate any help solving this problem!!

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

check these
psguard
removal instructions